Candidate: CVE-2016-9855
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9855
 https://www.phpmyadmin.net/security/PMASA-2016-63/
Description:
 An issue was discovered in phpMyAdmin. By calling some scripts that are
 part of phpMyAdmin in an unexpected way, it is possible to trigger
 phpMyAdmin to display a PHP error message which contains the full path of
 the directory where phpMyAdmin is installed. During an execution timeout in
 the export functionality, the errors containing the full path of the
 directory of phpMyAdmin are written to the export file. All 4.6.x versions
 (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This
 CVE is for the PMA_shutdownDuringExport issue.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.5.1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needs-triage)
trusty_phpmyadmin: not-affected (code not present)
trusty/esm_phpmyadmin: not-affected (code not present)
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: ignored (reached end-of-life)
zesty_phpmyadmin: not-affected (4:4.6.5.1-1)
artful_phpmyadmin: not-affected (4:4.6.5.1-1)
bionic_phpmyadmin: not-affected (4:4.6.5.1-1)
cosmic_phpmyadmin: not-affected (4:4.6.5.1-1)
disco_phpmyadmin: not-affected (4:4.6.5.1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.5.1-1)
groovy_phpmyadmin: not-affected (4:4.6.5.1-1)
hirsute_phpmyadmin: not-affected (4:4.6.5.1-1)
impish_phpmyadmin: not-affected (4:4.6.5.1-1)
jammy_phpmyadmin: not-affected (4:4.6.5.1-1)
devel_phpmyadmin: not-affected (4:4.6.5.1-1)